netbsd-bugs: Re: xsrc/15357: stack trashing bug crashing the sparc Xservers

Subject: Re: xsrc/15357: stack trashing bug crashing the sparc Xservers
To: NetBSD Bugs and PR posting List <netbsd-bugs@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 03/19/2002 16:27:07

[ On Tuesday, March 19, 2002 at 21:39:06 (+0100), Manuel Bouyer wrote: ]
> Subject: Re: xsrc/15357: stack trashing bug crashing the sparc Xservers
>
> On Mon, Mar 18, 2002 at 05:55:26PM -0500, Greg A. Woods wrote:
> > [...]
> > 
> > Hmmm.... The Xserver runs as root.  I don't know what limits are forced
> > on it, but in an ordinary su session I see:
> > 
> > 	# ulimit -a
> > 	time(cpu-seconds)    unlimited
> > 	file(blocks)         unlimited
> > 	coredump(blocks)     unlimited
> > 	data(kbytes)         65536
> > 	stack(kbytes)        512
> > 	lockedmem(kbytes)    12472
> > 	memory(kbytes)       37416
> > 	nofiles(descriptors) 64
> > 	processes            256
> > 
> > Wouldn't a process exceeding the stack size limit always exhibit the
> > same kind of crash though (presumably SIGSEGV)?  I've had multiple
> > examples of each of SIGSEGV, SIGILL, and SIGBUS.
> 
> You can see the limits of the running X server though sysctl:
> sysctl proc.<pid of X server>

Ah, of course!  Thank you!

$ /sbin/sysctl proc.6736
proc.6736.corename = %n.core
proc.6736.rlimit.cputime.soft = unlimited
proc.6736.rlimit.cputime.hard = unlimited
proc.6736.rlimit.filesize.soft = unlimited
proc.6736.rlimit.filesize.hard = unlimited
proc.6736.rlimit.datasize.soft = 67108864
proc.6736.rlimit.datasize.hard = 268435456
proc.6736.rlimit.stacksize.soft = 524288
proc.6736.rlimit.stacksize.hard = 268435456
proc.6736.rlimit.coredumpsize.soft = unlimited
proc.6736.rlimit.coredumpsize.hard = unlimited
proc.6736.rlimit.memoryuse.soft = 38313984
proc.6736.rlimit.memoryuse.hard = 38313984
proc.6736.rlimit.memorylocked.soft = 12771328
proc.6736.rlimit.memorylocked.hard = 38313984
proc.6736.rlimit.maxproc.soft = 256
proc.6736.rlimit.maxproc.hard = 276
proc.6736.rlimit.descriptors.soft = 136
proc.6736.rlimit.descriptors.hard = 956


So, what happens when the soft stacksize limit of a process running as
root is exceeded (on sparc, in particular)?
 
-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>